CONTENTS

• Access Control & OS
  1. Tutorial Overview
  2. Windows Lab Procedures
  3. Unix 's File System
  5. SOLARIS
  6. SOLARIS Lab Procedures
• Apache SSL
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Certificate
  4. Configuring Apache SSL
• Authenticode
  1. Tutorial Overview
  2. Installing .NET Framework SDK
  3. Signing a File
  4. Verifying a Signature
• Common Criteria Methodology
  1. Tutorial Overview
  2. General Evaluation Guidelines
  3. Evaluation of Functional Requirements TOE
  4. Questions
  5. References
• Cryptography with C#
  1. Tutorial Overview
  2. C# .NET Framework Examples
  3. Message Authentication
  4. Digital Signatures
  5. Exercises
  6. Resources
• Cryptographic Libraries
  1. Tutorial Overview
  2. OpnelSSL's Toolkit
  3. Java Cryptography Extension
  4. Exercises
  5. Resources
• Firewall Access Control Lists
  1. Tutorial Overview
  2. Technical Details
  3. Telnet and FTP
  4. Lab Report
• Firewall Configurations & Attacks
  1. Tutorial Overview
  2. Attacking Without a Firewall
  3. Filter an IP Address
  4. Filter TCP Traffic
  5. Misconfigured Firewall Examples
  6. Exercises
• Forensics
  1. Tutorial Overview
  2. Exercises
  3. Hidden Data
  4. Steganography
  5. Viewing IE Cache
  6. Installation Instructions
• IIS & Server 2003
  1. Tutorial Overview
  2. Installing Components
  3. Create a Certificate Request
  4. Submit a Certificate Request
  5. Installing a Certificate
  6. Secure Certificate Services
  7. Secure the Server
  8. Secure IIS
• IPSec and VPN Tunnel
  1. Tutorial Overview
  2. Technical Details
  3. VPN Tunnel Parameters
  4. Lab Report
• Java Code Signing
  1. Tutorial Overview
  2. Installing Java & Signing a File
  3. Verifying a Signature
• Network Protocol Analyzers
  1. Tutorial Overview
  2. TCPDump
  3. Ethereal
  4. Sniffer Distributed System
  5. Telnet Session
• PKI
  1. Tutorial Overview
  2. Installing Thunderbird
  3. Installing GPG and Enigmail
  4. Create and Use Key Pairs
• Secure Cookies
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Secure Cookie
• Three Tier

1. Ethereal.  Ethereal can recognize a number of protocols that has a graphical-user-interface, which allows you to analyze captured traffic much easier then TCPDump.  Ethereal displays traffic information using three windows.  The top window shows the summary of the captured packets. The details of packet headers can be viewed from the middle window and the bottom window shows packet content in hexadecimal and ASCII representation. The following steps show how you can capture and view the content of the packets.

1. On PC1, run the ethereal command by using the following command.  

$ sudo ethereal

2. To set the capture filters, on the menu bar click Capture then Start.

Select eth0 in Interface.
Select Capture packets in promiscuous mode.
In Filter, type host192.168.30.51 and host 192.168.30.52.
Select Update list of packets in real time.
Select Automatic scrolling in live capture. -Unselect three Enable name resolution checkboxes and click OK. 

3. Open a terminal window on PC1, initiate an FTP session to PC2 using the same process as step 5 from TCPDump.  Transfer a file and quit the FTP session.

4. On the ethereal top window, select any TCP packet. Right-click that line and then select Follow TCP Stream.

What do you see? Write down only the lines related to username and password exactly as they are shown. What is the filter expression at the bottom of the ethereal window, next to the label filter?  This is also called the dispaly filter since only the traffic that matches the expression is displayed. 

5. To write your own display filter, press the Reset button to remove the existing filter. Then type a filter expression in the field and press Enter. You can use an interactive help-window for writing display filters. The following example will show you how to write a display filter to display TCP headers with the SYN flag set.

Click the Filter button or click Edit on the menu bar, and then select Display Filters.
On the pop-up window, click Add Expression, then select TCP: Syn
Select “= =” in Relation
Set the value (Boolean) to 1
Click Accept and the filter string will be shown.
Your filter string: _____________________________
Then click Close.

6. Press the Reset button on the bottom. Type the filter expression obtained in step 6, and then press Enter.

2.  Questions.

1. How many TCP headers with SYN flag set are shown in the window?

2. Write syntax for the following display filters.

a.  A display filter that shows IP datagrams with the source IP address of PC2.
b.  A display filter that shows packets containing TCP segments using the destination port 23.
c.  A display filter that shows IP datagrams with length greater than 400 bytes.

Browse Pages << | < | 1 2 3 4 5 | > | >>